It it safe to use the built in session creator in PHP? My worry is that someone could hijack the token cookie on another persons machine, and set theirs to exactly the same, therefore tricking the server into thinking that they're the same person.
Is there protection (e.g. IP checks) to stop this or should I be using something more secure?